Analysis of the malware used to target the Winter Olympic Games in Pyeongchang, South Korea, has reportedly pointed to a potential breach at Atos, the worldwide IT partner of the International Olympic Committee (IOC).

The IOC said the issues had been resolved quickly, but declined to comment on the details, saying only that the IOC was making sure its systems were secure.

It has subsequently emerged that the malware, commonly referred to as Olympic Destroyer and initially identified by Talos researchers, was used in the attack.

According to the Talos researchers, the malware required the login credentials of Olympics staff to propagate quickly and spread a destructive payload, which deletes files.

Samples of the malware were uploaded to the VirusTotal malware analysis site, revealing that the code contained Atos employee credentials. According to CyberScoop, this suggests that those behind the attack had penetrated an Atos network in December 2017, which points to how the attackers were able to access the required credentials.

Some of the malware samples were uploaded from France, where the report notes that Atos is headquartered, and Romania, where some members of the Atos security team are based. If the intrusion and the link to the Olympic Destroyer malware are confirmed, the cyber attack on the Winter Games will be yet another example of the importance of supply chain security.

Atos told the news site that it is investigating a potential breach with the help of McAfee’s Advanced Threat Research team and law enforcement, but added: “Credentials embedded in the malware do not indicate the origin of the attack.”

Russia, China and North Korea have all been blamed for the cyber attack on the Olympics, but most security experts admit that attribution is extremely difficult, while others argue that attribution is irrelevant, and that the focus should be on the economic impact of attacks and reducing that impact.

According to research by security firm Recorded Future, analysis of code similarities between Olympic Destroyer and other malware has yielded many leads, but “no conclusive attribution”.

However, the researchers said Olympic Destroyer should be treated with a high level of concern, because of the destructive nature of the malware and its potent mechanisms to spread laterally.

They also noted that the co-occurrence of disparate code overlaps in the malware may indicate a false flag operation, attempting to dilute evidence and confuse researchers.

Priscilla Moriuchi, director of strategic threat development at Recorded Future, said attribution continues to be important because it shapes the victim, public and government responses.

“However, accurate attribution is both more crucial and more difficult to determine than ever because adversaries are constantly evolving new techniques and the expertise required to identify a sophisticated actor keeps increasing,” she said.

Juan Andres Guerrero-Saade, principal security researcher in the Insikt Group at Recorded Future, said complex malware operations give cause to re-evaluate research methods to ensure the research community is not being misled by its own eagerness to attribute attacks.

“The Olympic Destroyer campaign comes at a precarious time of geopolitical tensions with several possible perpetrators, but conclusive proof in any one particular direction has not yet been shared,” he said.
